kerberized afpserver stopped working

[Arte]

Hello,

I have had a nice working setup with a kerberized AFP server. However, since a few days now I get the tgt and the ticket for the afpserver/[email protected] fine, but I cannot mount the volumes with the ticket. All I get is an error -5023.

Since I have not found anything about debugging the kerberos communication on the server I don’t know what to do. Mounting the volumes using password auth after destroying the tickets works fine.

Any hints?

Leo.

[Arte]

I should mention that the kerberos auth server is a Windows 2k3 server. It spits out some errors regarding double host/server.fqdn/DOMAIN errors and not authorized errors.

The server part is split into a main server and one backup. It all happened after one of them died and they had to re-setup that one. Maybe I have to go through the process again and delete old kerberos entries on the server.

Leo.

[Arte]

I have solved the problem. The Windows Administrator has produced new keytab entries for my MacOS X Server. I have removed the old /etc/krb5.keytab with the new entries and since then its working again.

As I said before, we have two servers where one can act as a backup system. However, the one where the first round of keytabs was produces crashed so bad it had to be replaced. It looks like the authentication entries don’t propagate to the other server.

[Author]

Posts